At a Glance
- Tasks: Design and implement Microsoft Intune's Endpoint Privilege Management for secure access.
- Company: Join a leading cybersecurity firm in London with a focus on innovation.
- Benefits: Enjoy competitive pay, health perks, flexible remote work, and growth opportunities.
- Other info: Collaborative environment with excellent career advancement potential.
- Why this job: Make a real difference in cybersecurity while working with cutting-edge technology.
- Qualifications: Experience with Microsoft Intune and strong analytical skills required.
The predicted salary is between 60000 - 80000 € per year.
We are looking for a Cyber Security Engineer - Endpoint at London, UK – 2 days per week Onsite.
Role Description:
The Intune Endpoint Privilege Management Specialist is responsible for designing, implementing, and administering Microsoft Intune’s EPM capabilities to enforce least privilege principles across the organisation. This specialist ensures users have secure, controlled, and auditable access to elevated privileges via Just In Time (JIT) elevation, while reducing security risks associated with local admin rights.
Key Responsibilities:
- Endpoint Privilege Management (EPM) Architecture & Administration:
- Lead the design, deployment, and optimization of Microsoft Intune Endpoint Privilege Management.
- Define and implement elevation rule policies, including approval workflows and automation.
- Configure and maintain Just Enough Access (JEA) and Just In Time (JIT) elevation scenarios.
- Analyse and classify apps requiring elevation and build appropriate Elevation Rules.
- Least Privilege Enforcement & Security Hardening:
- Remove and prevent permanent local admin rights on all Windows devices.
- Build processes and automation to support secure elevation without impacting productivity.
- Integrate EPM with broader Zero Trust and Microsoft Defender security models.
- Conduct security assessments and hardening activities for endpoint privilege controls.
- Device & App Lifecycle Governance:
- Manage EPM policies across Windows 10/11 devices enrolled into Intune.
- Maintain and optimise EPM for core business applications that require privileges.
- Ensure consistent policy enforcement across hybrid-joined, Azure AD joined, and co-managed devices.
- Monitoring, Logging & Reporting:
- Build dashboards and reporting workflows for elevation rule usage, approved/denied elevation requests, risk analysis, and anomalous behaviour.
- Leverage Log Analytics, Microsoft Defender, and Graph API to automate insights.
- Provide regular reporting to security governance forums.
- Enterprise Collaboration & Support:
- Partner with Security, Identity, Desktop, and Application teams to operationalise least privilege.
- Act as SME for escalations related to software requiring elevation or blocked by policy.
- Document processes, runbooks, and security guidelines for internal teams.
- Lead training and awareness activities for support teams on EPM operation.
Required Skills & Experience:
- Technical Requirements:
- Hands-on experience with Microsoft Intune Endpoint Privilege Management (EPM).
- Deep understanding of least privilege and Zero Trust security models, elevation rule creation, testing, and deployment, application behaviour analysis and privilege requirements, Windows security hardening, Defender for Endpoint (particularly Attack Surface Reduction), Log Analytics / KQL for monitoring privilege escalations, and strong PowerShell scripting capability (automation, Graph API, rule validation).
- Preferred Experience:
- Familiarity with Microsoft Defender XDR / vulnerability management, Conditional Access & Identity Protection, AppLocker/App Control for Business.
- Relevant certifications (beneficial): MD-102 Endpoint Administrator, MS-102 Microsoft 365 Administrator, SC-200 Security Operations Analyst, SC-300 Identity & Access Administrator.
- Soft Skills:
- Clear communicator able to simplify complex security concepts.
- Strong analytical and root-cause analysis capability.
- Process-driven, with attention to documentation and governance.
- Ability to build trust with both technical and non-technical stakeholders.
Key Deliverables:
- Enterprise-wide implementation of Microsoft Intune Endpoint Privilege Management.
- Removal of local admin rights across the organisation.
- Secure and frictionless JIT elevation experience for end users.
- Comprehensive reporting for audit, compliance, and risk monitoring.
- Continuous improvement of endpoint privilege workflows and automation.
Cyber Security Engineer - Endpoint in London employer: GIOS Technology
Join a forward-thinking organisation in London as a Cyber Security Engineer - Endpoint, where you will play a pivotal role in enhancing our security posture through innovative endpoint privilege management. We pride ourselves on fostering a collaborative work culture that values continuous learning and professional development, offering employees the chance to grow their skills in a dynamic environment. With flexible working arrangements and a commitment to employee well-being, we ensure that our team members thrive both personally and professionally.
StudySmarter Expert Advice🤫
We think this is how you could land Cyber Security Engineer - Endpoint in London
✨Tip Number 1
Network, network, network! Get out there and connect with people in the cyber security field. Attend meetups, webinars, or even local events. You never know who might have a lead on your dream job!
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects related to Microsoft Intune and endpoint security. This gives potential employers a taste of what you can do and sets you apart from the crowd.
✨Tip Number 3
Prepare for interviews by brushing up on common questions related to least privilege principles and EPM. Practice explaining complex concepts in simple terms, as communication is key in this field.
✨Tip Number 4
Don’t forget to apply through our website! We’re always on the lookout for talented individuals like you. Plus, it’s a great way to ensure your application gets seen by the right people.
We think you need these skills to ace Cyber Security Engineer - Endpoint in London
Some tips for your application 🫡
Tailor Your CV:Make sure your CV is tailored to the Cyber Security Engineer role. Highlight your experience with Microsoft Intune and any relevant projects you've worked on. We want to see how your skills align with our needs!
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you're passionate about endpoint security and how you can contribute to our team. Keep it concise but impactful – we love a good story!
Showcase Your Technical Skills:Don’t forget to highlight your technical skills, especially around EPM, PowerShell scripting, and security hardening. We’re looking for someone who can hit the ground running, so make sure we see your expertise!
Apply Through Our Website:We encourage you to apply through our website for the best chance of getting noticed. It’s super easy, and you’ll be one step closer to joining our awesome team at StudySmarter!
How to prepare for a job interview at GIOS Technology
✨Know Your Tech Inside Out
Make sure you brush up on your knowledge of Microsoft Intune and Endpoint Privilege Management. Be ready to discuss how you've implemented least privilege principles in past roles, and have examples of elevation rule policies you've defined or worked with.
✨Showcase Your Problem-Solving Skills
Prepare to talk about specific challenges you've faced in security hardening or managing local admin rights. Use the STAR method (Situation, Task, Action, Result) to structure your answers and demonstrate your analytical skills.
✨Communicate Clearly
As a Cyber Security Engineer, you'll need to explain complex concepts to non-technical stakeholders. Practice simplifying your explanations and be ready to showcase your communication skills during the interview.
✨Be Ready for Scenario Questions
Expect scenario-based questions that test your ability to apply your knowledge in real-world situations. Think about how you would handle specific cases involving Just In Time elevation or integrating EPM with Zero Trust models.
